CVE-2025-15257
Remote Command Injection in Edimax BR-6208AC Web Interface
Publication date: 2025-12-30
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| edimax | br-6208ac | 1.03 |
| edimax | br-6208ac | 1.02 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a command injection flaw in the Edimax BR-6208AC router's web-based configuration interface, specifically in the formRoute function. By manipulating certain input arguments (strIp, strMask, strGateway), an attacker can remotely execute arbitrary commands on the device.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can remotely execute commands on the affected device, potentially gaining control over it. This can lead to unauthorized access, disruption of network services, data interception, or further attacks within the network.
What immediate steps should I take to mitigate this vulnerability?
Since the affected Edimax BR-6208AC V2 device has reached its End of Life (EOL) and no further firmware updates or patches will be provided, the recommended immediate mitigation step is to upgrade to a newer, supported model to ensure better security.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or unauthorized HTTP requests to the /gogorm/formRoute endpoint of the Edimax BR-6208AC router, especially those containing suspicious parameters such as strIp, strMask, or strGateway with special characters or command injection payloads. Since the vulnerability involves command injection via these parameters, network intrusion detection systems (NIDS) can be configured to alert on HTTP requests containing suspicious patterns targeting this endpoint. Specific commands to detect exploitation attempts are not provided in the available resources. However, you can use tools like curl or wget to test the endpoint manually by sending crafted requests to /gogorm/formRoute with various payloads to check for command injection behavior. Additionally, monitoring device logs for unexpected command executions or system behavior may help identify exploitation attempts. Due to the lack of official mitigations or detection scripts, replacement of the affected device is recommended. [1, 2]